Thursday, December 18, 2008

Researchers Hone In On 'Dropzones' For Stolen Credentials

German researchers have discovered more than 300 cybercrime servers full of stolen credentials on more than 170,000 people -- and it is only the tip of the iceberg, they say.

Researchers at the University of Mannheim's Laboratory for Dependable Distributed Systems were able to access nearly 100 so-called "dropzone" machines, and say the actual number of these servers is much more.

"With our limited amount of machines, we found more than 300 dropzones, and we covered only two families of banking Trojans. In total, there are presumably many more," says Thorsten Holz, one of the researchers and a founder of the German Honeypot Project. The researchers were studying what they call "impersonation attacks," where victims' credentials are stolen so that the attacker can impersonate them.

The researchers basically traced the steps [.pdf] of specific keyloggers and banking Trojans between April and October 2008. One-third of the machines infected by this data-stealing malware are in Russia or the U.S., according to the researchers. Overall, the 170,000 victims whose data they discovered in the dropzones were from 175 different countries.

They discovered a total of 10,775 bank account credentials, including passwords and bank account details that the victims would enter during a regular transaction. They also found more than 5,600 credit card accounts and tens of thousands of passwords for various sites.